just another infosec blog

Breaches gone wild

Halfway through 2016, and news of breached data from social media sites has been hitting us constantly. Massive data dumps have been released into the wild, and they come with a hefty price tag for those willing to pay. Data from everything from small players to big, fat, juicy ones has been disclosed – and guess what? Most likely, your data is in these breaches.

Us humans, we’re social creatures. If we get an outlet to socialize, we’ll use it. Facebook, Myspace, LinkedIn and Tumblr – been there, done that. Left our credentials at the door, hoping for the best. What if these attackers got hold of your credentials? Well – it is happening.

Let’s have a look at some players who got their data leaked recently on the black market:

LinkedIn

Back in 2012, LinkedIn suffered a breach where nearly 6.5 million records were leaked. It was massive – or so we thought. As it turns out, this was just a small portion of the total. In May 2016 a new dump was offered on the black market, containing 167 million records stemming from that breach in 2012.

Myspace

LinkedIn wasn’t alone; soon after, a dump from the old slugger Myspace surfaced. The dump contained some 360 million records. The dump is hard to date, but the general consensus is that it stemmed from a breach back in 2008.

Tumblr

Even the microblogging and social media platform Tumblr was affected by a breach. A dump containing 65 million records was found circulating on the black market. The dump stemmed from an early 2013 breach. Tumblr stated on their own blog that they had no reason to believe that this information was used to access Tumblr accounts.

VK.com

VK is Russia’s answer to Facebook. A dump containing some 100 million records was found circulating on the black market. As a side note, on Thursday, June 9th, I witnessed Troy Hunt loading the VK dump onto his HaveIBeenPwned site live at the NDC Oslo conference. It was interesting seeing his total bumping 1 billion entries.

That black market

All of these breaches were found on the black market site “The Real Deal”, a site which is accessible through the Tor network. All were offered by the same seller for some Bitcoins. We don’t know if the seller is the same person or gang that actually did the breaches, though.

Some thoughts

From my sources, the dumps appear to be quite old, with possibly the VK one being the most recent. Why did we see these breaches on the black market just recently? Being old means that they’ve probably been floating around in private circles for years before finally surfacing to the public. I wonder what the data has been used for in the meantime and why they surfaced just recently. Did the hackers milk this cow dry, and are they now trying to monetize further on it by selling it? Or could it be that this whole thing is a show-off? I can only speculate.

In his speech at NDC, Troy Hunt said something interesting. Often when he is offered dumps, the people offering them seem to be very young, typically teenagers and twenty-somethings. It could very well be that these youngsters actually got lucky aiming their tools at various instances. Or that they are acting on behalf of someone else. Hard to guess.

There has also been news of others being breached. Just recently the BitTorrent forum was compromised. Also Wendy’s, and Fling, and Ashley Madison and that fisting site. Possibly many others too. I’m not saying that the same hackers were behind them all; I’m only saying there have been many breaches lately and there may be a common pattern involved here. What we’ve seen lately might be a ramp-up, and it might be that we are going to see even more prominent breaches in the future.